unified-invoice
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a client, item, or notes field contains HTML or script-like content, Chromium interprets it as markup during PDF generation: it can execute script or trigger network and resource loads instead of being treated as plain invoice text.
Item names and notes are interpolated directly into the HTML template without escaping, and the generated file is then opened in Chromium (via puppeteer-core) for PDF conversion.
<td>${item.name}</td> ... .replace(/{{notes}}/g, options.notes || ''); ... await page.goto(`file://${htmlPath}`
Escape all template variables (or use an auto-escaping template engine), sanitize any HTML that must be preserved, and consider disabling JavaScript on the Puppeteer page and applying a restrictive Content-Security-Policy during PDF rendering.
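The escaping and CSP hardening described above, as an added example that is not code from the unified-invoice skill. renderInvoiceHtml, renderRow and SAMPLE_INVOICE are names and data made up for this illustration; the reported raw-interpolation pattern is kept as renderRowUnsafe for contrast.

```javascript
// Added example, not code from the unified-invoice skill: HTML-escape every template
// variable before the page is handed to Chromium, so a crafted item name or note is
// rendered as text. renderInvoiceHtml, renderRow and SAMPLE_INVOICE are names and
// data made up for this illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can open a tag, close an attribute, or start an entity.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reported pattern, kept only for contrast: the item name is interpolated raw.
function renderRowUnsafe(item) {
  return `<tr><td>${item.name}</td><td>${item.qty}</td></tr>`;
}

// Hardened row: every dynamic value goes through escapeHtml().
function renderRow(item) {
  return `<tr><td>${escapeHtml(item.name)}</td><td>${escapeHtml(item.qty)}</td></tr>`;
}

// Build the whole document. The CSP meta tag forbids script and remote loads, so a value
// that slips past escaping still cannot execute or fetch anything while Chromium renders it.
function renderInvoiceHtml(invoice) {
  const rows = invoice.items.map(renderRow).join('\n');
  const csp = "default-src 'none'; style-src 'unsafe-inline'; img-src data:";
  return [
    '<!doctype html><html><head><meta charset="utf-8">',
    `<meta http-equiv="Content-Security-Policy" content="${csp}">`,
    '</head><body>',
    `<h1>Invoice for ${escapeHtml(invoice.client)}</h1>`,
    '<table>', rows, '</table>',
    `<p class="notes">${escapeHtml(invoice.notes || '')}</p>`,
    '</body></html>',
  ].join('\n');
}

// Cheap regression check for the rendering step: raw <script or <img markup must never survive.
function containsRawMarkup(html) {
  return /<script\b|<img\b/i.test(html);
}

// Constructed hostile input: a script tag in an item name and a remote image in the notes.
const SAMPLE_INVOICE = {
  client: 'ACME <b>Corp</b>',
  items: [
    { name: '<script>alert(1)</script>Widget', qty: 2 },
    { name: 'Gadget "Pro"', qty: 1 },
  ],
  notes: '<img src="http://example.invalid/x.png">',
};

// When converting with puppeteer-core, also call `await page.setJavaScriptEnabled(false)`
// before `page.goto(...)`; that is the runtime counterpart to the CSP above.
```

The CSP is defence in depth, not a substitute for escaping: the invoice text still has to be escaped so that it renders correctly, and the policy only limits what an unescaped value can do if one is missed.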
A crafted client name could cause the generated file to be created outside the intended output folder, or to overwrite or create files at other user-writable paths.
The client name is embedded directly in the output filename, and therefore in a filesystem path, without rejecting path separators or '..' segments and without verifying that the resolved path stays under OUTPUT_DIR.
const filename = `${issueDate}-견적서-${client.name}`; const htmlPath = path.join(OUTPUT_DIR, `$(unknown).html`); ... fs.writeFileSync(htmlPath, html, 'utf-8');
Convert client names to safe basenames; reject '/', '\\', '..', and control characters; and verify path.resolve(target).startsWith(path.resolve(OUTPUT_DIR)) before writing. Compare against the directory with a trailing path separator, so that a sibling directory whose name merely begins with OUTPUT_DIR does not pass the check.
Client names, invoice amounts, totals, and file paths may persist in a shared local events area if this helper script is used.
The helper script writes invoice metadata to an events directory under the OpenClaw workspace, where other local automation may consume it.
EVENTS_DIR="${EVENTS_DIR:-$WORKSPACE/events}" ... "client": "$CLIENT", "amount": $AMOUNT, "total": $TOTAL, "file": "$FILENAME"
Document this event emission clearly, provide an opt-out, minimize the metadata written to what consumers actually need, and ensure workspace event files are not shared more broadly than intended. Because the event record is assembled by shell variable interpolation, a client name containing a double quote or backslash also yields malformed JSON; build the record with a JSON-aware tool (for example jq) rather than string concatenation.
Business contact, banking, and client details can remain in the skill's local data files and may be included in generated documents.
The skill stores the sender's contact details and bank account information locally for reuse in generated invoices.
"phone": "010-1234-5678", "email": "contact@mufism.com", "bankAccount": "우리은행 1002-123-456789"
Use real financial/contact data only in a trusted workspace, review generated documents before sharing, and avoid storing unnecessary sensitive details.
A future npm install may resolve a different dependency version than the one originally tested.
The npm dependency is allowed to float within a caret semver range, and no lockfile is present in the supplied manifest.
"dependencies": { "puppeteer-core": "^23.0.0" }
Pin dependency versions and commit a reviewed lockfile so installations are reproducible; as written, any 23.x release newer than 23.0.0 satisfies the manifest.
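A pre-install check for the floating-range and missing-lockfile conditions above, as an added example that is not code from the unified-invoice skill or from npm. isPinned, findFloatingDeps, reproducibilityIssues and SAMPLE_MANIFEST are names made up for this illustration; the sample manifest mirrors the reported dependency and adds two entries for contrast.

```javascript
// Added example, not code from the unified-invoice skill: a pre-install check that lists
// every dependency whose specifier is a range rather than an exact version, and reports a
// missing lockfile. Function names and SAMPLE_MANIFEST are made up for this illustration.

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const LOCKFILES = ['package-lock.json', 'npm-shrinkwrap.json', 'yarn.lock', 'pnpm-lock.yaml'];

// An exact pin is a bare semver version, optionally with prerelease/build metadata.
// '^23.0.0', '~1.2.3', '>=1 <2', '*', 'latest' and git/URL specifiers all fail this test.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT_SEMVER.test(String(spec).trim());
}

// Every dependency that npm could resolve differently on a later install.
function findFloatingDeps(manifest) {
  const floating = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!isPinned(spec)) floating.push({ field, name, spec });
    }
  }
  return floating;
}

// Human-readable issues for a manifest plus the list of files shipped alongside it.
function reproducibilityIssues(manifest, repoFiles) {
  const issues = findFloatingDeps(manifest).map(
    (d) => `${d.field}.${d.name} floats: "${d.spec}"`,
  );
  if (!repoFiles.some((f) => LOCKFILES.includes(f))) {
    issues.push('no lockfile present; resolved versions are not recorded');
  }
  return issues;
}

// Constructed manifest shaped like the reported one, with two extra entries for contrast.
const SAMPLE_MANIFEST = {
  name: 'unified-invoice',
  dependencies: { 'puppeteer-core': '^23.0.0' },
  devDependencies: { eslint: '*', prettier: '3.2.5' },
};
```

The value to pin is the version that was actually installed and tested (what package-lock.json records and `npm ls puppeteer-core` prints), not the lower bound of the range; once the lockfile is committed, `npm ci` installs exactly those versions and fails if the manifest and lockfile disagree.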
